The Short Answer: A cookie banner and Consent Mode receiving that signal are two separate technical events. Most setups only achieve the first. Since 15 June 2026, Google Signals no longer compensates for the gap. Consent Mode v2 works correctly only when your CMP fires gtag('consent','update',...) with all four parameters, ad_storage, analytics_storage, ad_user_data, ad_personalization, and Advanced mode is implemented.
Why Is Your Consent Mode Setup Probably Broken, and Why Could You Not Tell Until Now?
The forcing function arrived on 15 June 2026. Before that date, Google Signals provided a secondary path for sharing ad data from GA4 to linked Google Ads accounts, acting as a silent compensator when Consent Mode was misconfigured. That path is now closed. If your consent signal chain was broken before June 2026, the gap was being quietly filled. Now it is not. You can read the full background in Google Analytics was quietly fixing your broken consent setup. Until now.
A cookie banner capturing a user's consent choice and Consent Mode receiving that choice as a signal are two separate technical events. Most implementations only achieve the first. The banner records a preference in the browser. Consent Mode is a separate signal layer that communicates that preference to Google's tags via four parameters. If the banner never fires gtag('consent','update',...), Google's tags remain in the dark about what the user decided, permanently.
A broken consent signal chain is not a minor attribution rounding error. Standard Google Ads conversion tracking already misses 30–50% of actual conversions due to cookie restrictions and privacy changes, according to Optimyzee. A broken consent layer compounds this further. A business running Google Ads without properly functioning Enhanced Conversions and Consent Mode is making bidding and budget decisions based on 50–70% of its actual conversion data, according to Optimyzee's analysis. Smart Bidding optimises against what it can see, feed it a degraded signal and the algorithm learns the wrong lessons, regardless of how sophisticated your target-return-on-ad-spend (tROAS) configuration is.
In my experience auditing accounts after the June 2026 change, the businesses most exposed are those that configured their CMP in early 2024 during the v2 enforcement wave, followed their vendor's documentation exactly, and assumed the job was done. The banner looks right. The account shows no obvious errors. But the update signal was never wired in.
What Does Consent Mode v2 Actually Do, and What Does It Not Do?
Consent Mode v2 introduced four parameters that together form the signal architecture between your consent banner and Google's tags. The two original v1 parameters, ad_storage and analytics_storage, control whether cookies can be set for advertising and analytics purposes respectively. The two v2 additions, ad_user_data and ad_personalization, became mandatory for EEA and UK advertisers from 6 March 2024.
The v2 parameters are frequently misunderstood. ad_user_data and ad_personalization do not change how tags behave on the page itself, they tell Google what it is permitted to do with data once that data arrives at Google's servers. Both must be granted together for any personalised advertising to function. Grant one and deny the other and personalised advertising is disabled entirely, a configuration failure that produces no visible error on the page but silently degrades campaign performance.
Enhanced Conversions is a separate mechanism, not a substitute for Consent Mode. Enhanced Conversions hashes first-party data, email addresses, phone numbers, to improve attribution by matching users across devices and sessions. Consent Mode is the permission layer that determines whether Enhanced Conversions data can be used at all. Getting Enhanced Conversions configured correctly while Consent Mode is broken means you have a functional attribution mechanism sitting behind a closed gate. I tell every client I work with: fix the gate before you build the mechanism.
There is also a separate, commonly missed failure mode: Enhanced Conversions will not collect data until the advertiser has accepted Google's Customer Data Terms within the Google Ads or GA4 account. Even if every tag is configured correctly and the consent signal chain is intact, data collection does not begin without that account-level Terms of Service acceptance. Check this before assuming the problem is technical.
Where Specifically Do Most Consent Setups Break? The Update Signal
The break almost always happens at step four of the consent signal chain, and it is invisible in normal account monitoring, which is why it survives for months uncaught.
The consent signal chain works in five steps. A user lands on your page. Tags fire with their default state, either denied or granted depending on how your defaults are configured. The user sees the consent banner and makes a choice. The CMP must then fire gtag('consent','update',...) with the updated state reflecting what the user decided. Finally, tags receive that update and behave accordingly.
The break almost always happens at step four. The CMP records the user's choice internally, the banner disappears, a preference is saved, but gtag('consent','update',...) never fires. Google's tags remain permanently in the state they were in when the page loaded. If the default was denied, they stay denied. The user accepted tracking, but Google never found out.
This failure mode is invisible in normal account monitoring. GA4 data looks plausible because some traffic converts without any consent interaction, returning users, direct visits, users on non-consented sessions where conversions still happen. Google Ads does not flag missing consent signals as an error in the diagnostics panel unless you know exactly where to look.
The specific metric to check is enhanced conversions coverage in the Google Ads diagnostics panel. The benchmark is that 50% or more of your conversions should be enhanced. Below 30% is the threshold signal that the implementation needs review. This number is falsifiable, it is visible in the Google Ads UI right now, and it tells you whether the signal chain is intact or broken.
When I run the Puppeteer-based consent checker on a new client account, this is the failure mode I find most often: a banner recording the consent preference client-side, the preference being stored in a cookie or local storage, but gtag('consent','update',...) never firing. The GA4 diagnostic confirms it, consent state never transitions from denied to granted for ad_storage, meaning zero modelled conversions are being generated despite Advanced Consent Mode being nominally configured.
The Puppeteer checker tests whether the update signal fires, not just whether the banner appears. Most standard diagnostics only confirm the second. That is why this class of misconfiguration survives for months without being caught.
Basic Versus Advanced: Why Does the Mode You Chose Determine Whether Modelling Works at All?
The choice between Basic and Advanced Consent Mode determines whether conversion modelling is possible at all for the period before a user interacts with the banner, it is not a minor implementation preference.
| Dimension | Basic Consent Mode | Advanced Consent Mode |
|---|---|---|
| When tags fire | Blocked entirely until banner interaction | Load immediately with defaults set to denied |
| Cookieless pings | None sent before interaction | Sent immediately on page load, enables modelling |
| Modelling eligibility | General model only, subject to data volume thresholds | Advertiser-specific modelling, more accurate recovery |
| Data gap risk | Hard blackout for pre-interaction period | Pre-interaction period recovered via cookieless pings |
The critical difference is cookieless pings. Advanced mode loads tags immediately with defaults set to denied, which means Google receives a signal about the visit, without cookies, without PII, before the user interacts with the banner at all. That signal is what enables advertiser-specific conversion modelling. Basic mode blocks everything until interaction, meaning the pre-interaction period is a complete data blackout.
Google's April 2021 blog cited conversion modelling recovering more than 70% of ad-click-to-conversion journeys lost to consent choices. That figure predates Consent Mode v2 and the current enforcement environment, treat it as directional rather than a planning assumption. The modelling recovery is also conditional on meeting data volume thresholds that many smaller businesses never reach. No publicly available source gives a specific conversion volume floor for advertiser-specific modelling eligibility.
Most CMP setup guides default to Basic mode. Businesses that followed vendor instructions during the 2024 implementation wave are likely on Basic without understanding the implications. If you configured your CMP by following the documentation your vendor provided, check which mode you are actually running. In my experience, the majority of accounts I audit that went through the 2024 compliance wave are on Basic, configured correctly by the instructions, but in the less capable mode.
What Does a Broken Consent Layer Actually Cost in Attribution Terms?
Three failure modes stack on each other, and the combined effect is a realistic floor, not a worst-case estimate.
Globally, only 31% of users accept tracking cookies on average, according to Cookie Script research. That means nearly 70% of your web traffic from EEA and UK visitors is invisible to standard tracking without functioning Consent Mode configuration. Safari and Firefox together account for roughly 30–35% of web browsing globally, and standard tracking loses these users quickly, often from the first session, because Safari's Intelligent Tracking Prevention limits first-party cookie lifespans to one to seven days, while Firefox blocks third-party cookies entirely, according to groas.ai.
Three failure modes stack on each other. Start with 30–50% of conversions already missed due to browser restrictions. Add the users who decline consent and are invisible without modelling. Add the users who accept consent but whose acceptance never reaches Google's tags because the update signal is not firing. The 50–70% figure Optimyzee cites for decisions made on incomplete data is not an exaggeration, it is a realistic floor for a business with a misconfigured consent setup.
A separate and opposite failure mode, double-counting, can mask the problem entirely. Importing the same conversion from both GA4 and a separate Google Ads conversion tag simultaneously causes every conversion to appear twice. Smart Bidding then optimises toward inflated numbers, performance looks stronger than it is, and the distortion only becomes visible when you check actual business outcomes against reported conversions. A broken consent layer that understates conversions and a double-counting configuration that overstates them are equally capable of steering your bidding strategy in the wrong direction. I have seen both failure modes present in the same account at the same time.
Who Is Liable When the Consent Mechanics Are Wrong?
Under UK GDPR and the Data Protection Act 2018, your business is the data controller and Google is the data processor, legal compliance responsibility sits with you, not with Google.
The ICO defines valid consent as freely given, specific, informed, and unambiguous. A misconfigured Consent Mode that transmits data before consent is given, because ad_storage defaults to granted when it should default to denied, is a controller-level failure. A setup where the update signal never fires and users' decisions are never communicated to Google's tags is equally a controller-level failure. The fact that the misconfiguration resulted from following a CMP vendor's instructions does not transfer liability.
The Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025. Its interaction with UK GDPR consent requirements for digital advertising is still being implemented in stages, UK GDPR and PECR remain the operative framework for consent in digital advertising as of July 2026. Any advice suggesting the Act has already resolved the consent landscape should be treated with scepticism.
On certified CMPs: since January 2024, publishers using Google AdSense, Ad Manager, or AdMob to serve ads to EEA and UK users must use a Google-certified CMP. The certified list is maintained and updated by Google, a CMP that was certified at the time of your implementation may no longer appear on the current list. Verify your CMP's current certification status, not its status at the point you configured it.
The broader principle here is covered in Why Google's 'send more data' advice doesn't mention it's your legal liability, not theirs, platform account managers are commercially incentivised to help you send more data and have no obligation to flag the compliance responsibility that comes with doing so.
How Do You Check Whether Your Consent Signal Chain Is Actually Working?
You do not need a specialist tool to run an initial diagnosis, a developer or technically confident business owner can work through the following five steps.
Step 1: Test the decline path. Confirming the decline path works is the fastest way to rule out a catastrophic misconfiguration. Open Google Tag Assistant or GTM Preview on your site. Decline cookies on the banner. Confirm that ad_storage and analytics_storage remain denied after the decline. If they flip to granted after the user has declined, the CMP is not connected to Consent Mode at all.
Step 2: Test the accept path. Confirming all four parameters update on acceptance is where problems surface most consistently in my experience. Accept cookies and confirm all four parameters update correctly, ad_storage, analytics_storage, ad_user_data, and ad_personalization should all transition to granted. If any of the four remain denied after acceptance, the update signal is either not firing or not including all four parameters.
Step 3: Check enhanced conversions coverage in Google Ads. The enhanced conversions coverage metric gives you a single falsifiable number. In the Google Ads diagnostics panel, find the enhanced conversions coverage metric. Below 30% enhanced coverage is the threshold that flags a broken implementation. Above 50% indicates a functioning signal chain.
Step 4: Check the Consent Overview report in GA4. The GA4 Consent Overview report confirms whether consent state is actually transitioning after banner interaction. Navigate to Admin, then Data Collection, and look for the Consent Overview report. GA4's navigation labels change periodically, if the path has moved, search "consent" in the GA4 Admin search bar. A high denied proportion that does not shift after banner acceptance confirms the update signal is not firing: users are accepting, but Google's tags are not being told.
Step 5: Verify your CMP's current certification. Certification status changes, checking it now matters more than checking it at implementation. Confirm that your CMP appears on Google's current certified CMP list, not just that it was certified when you implemented it.
In my experience, when I run this sequence on a new account, Step 2 is where problems surface most consistently, the banner records the choice, but the update signal carrying all four parameters never fires.
Enhanced Conversions for Leads: Why Do the Consent Mechanics Work Differently for Service Businesses?
Enhanced Conversions for web and Enhanced Conversions for leads are architecturally different products, and the consent requirements that govern them are different too.
The web version improves attribution for online transactions. Enhanced Conversions for leads is designed specifically for businesses that generate offline sales from website enquiries, accountants, solicitors, tradespeople, consultants, where the conversion happens in a phone call or meeting that follows a form submission, not at the moment of the enquiry itself.
The mechanism works differently from the web version. A hashed email address or phone number is captured from the lead form at the point of submission. That submission is associated with a GCLID, the Google Click ID Google appends to the landing page URL from each ad click. When the offline sale is confirmed later, the conversion is imported keyed to that GCLID, bridging the web enquiry to the actual business outcome. This is closed-loop attribution for service businesses, not an approximation.
The consent requirements for Enhanced Conversions for leads differ from Enhanced Conversions for web. Enhanced Conversions for leads requires explicit opt-in consent for the email or phone number capture, not just ad_storage consent. A user who has accepted analytics cookies but not explicitly consented to their contact details being used for advertising purposes has not given the consent that Enhanced Conversions for leads requires.
A service business that has Enhanced Conversions for web configured correctly may still be missing the closed-loop attribution that Enhanced Conversions for leads provides. The 5–30% attribution recovery range Optimyzee reports for Enhanced Conversions relates primarily to web and e-commerce scenarios, no equivalent independently verified figure exists for the offline lead import pattern. Do not apply that range to a service business context and expect it to hold.
The practical architecture for a service business running Google Ads is: capture the GCLID as a hidden field on the lead form, store it against the lead record in your CRM, import the offline conversion when the sale closes, weighted by margin rather than revenue, and feed that to a tROAS bidding strategy with the target set 15–20% below your actual blended margin. That buffer gives the algorithm learning room; it is the approach I use with my own clients and walk through in detail in Stop working in your Google Ads. Start working on them. That entire setup depends on the consent layer being correctly configured before any of it becomes usable signal.
Frequently Asked Questions
My cookie banner is live and my CMP is set up, does that mean Consent Mode v2 is working correctly?
No. A live cookie banner confirms that your CMP is presenting a consent choice to visitors. Consent Mode v2 working correctly requires a separate and additional technical event: the CMP must fire gtag('consent','update',...) with all four parameters, ad_storage, analytics_storage, ad_user_data, and ad_personalization, reflecting the user's actual choice. If that update signal never fires, Google's tags remain in the default state they loaded with, regardless of what the user decided. The banner can be functioning perfectly as a user interface while Consent Mode receives no signal at all.
What is the difference between Basic and Advanced Consent Mode, and which should I be using?
Basic Consent Mode blocks all Google tags until the user interacts with the consent banner, no data, not even a cookieless ping, reaches Google before that interaction. Advanced mode loads tags immediately with defaults set to denied and sends cookieless pings before any interaction; those pings are what enable advertiser-specific conversion modelling for the pre-interaction period. Advanced mode recovers data that Basic mode loses permanently. Most CMP vendor guides default to Basic, which means many businesses configured their implementation correctly according to the instructions and ended up in the less capable mode without realising it. For any business running Google Ads, Advanced mode is the right choice.
If my Consent Mode is misconfigured, will Google tell me, or do I have to find it myself?
You have to find it yourself. Google Ads does not flag missing consent signals as a visible error in the standard diagnostics panel. The signal that something is wrong is the enhanced conversions coverage metric, if below 30% of your conversions are enhanced, the implementation needs review. You can also check the GA4 Consent Overview report under Admin and Data Collection: if consent state is not transitioning from denied to granted after banner acceptance, the update signal is not firing. Neither check is surfaced proactively by Google; you have to know to look.
Do I need separate consent for Enhanced Conversions for leads versus Enhanced Conversions for web?
Yes. Enhanced Conversions for web operates on ad_storage consent, users who accept advertising cookies have, in principle, enabled it. Enhanced Conversions for leads captures hashed contact details, email address or phone number, from a lead form, which requires explicit opt-in consent for that personal data to be used for advertising purposes. ad_storage being granted is not sufficient. A user must have specifically consented to their contact information being used in this way. A service business with correctly configured ad_storage consent but without explicit data capture consent may still be unable to run Enhanced Conversions for leads compliantly.
Since the Google Signals change in June 2026, what data am I now losing that I was not losing before?
Before 15 June 2026, Google Signals provided a secondary path for sharing ad data from GA4 to linked Google Ads accounts. For businesses with misconfigured Consent Mode, this path was quietly compensating, some conversion data was making its way through even when the consent signal chain was broken. That compensating mechanism no longer exists. Consent Mode's ad_storage signal is now the sole control for this data flow. Businesses that were previously receiving plausible-looking conversion data despite a broken consent setup are now receiving less data, and the gap is directly visible in conversion volumes if you know to look for it in the enhanced conversions coverage metric.
About the Author
Nathan O'Connor is a Performance and Growth Specialist with 20 years of experience helping UK businesses with 5–50 staff build systematic growth engines. He specialises in performance marketing, conversion optimisation, and revenue tracking, helping business owners understand what's actually working and fix what isn't. His approach connects traffic, conversion, tracking, and optimisation into a single growth system.
View Nathan's full profile and credentials
